lect17 - 1.264 Lecture 17 Cryptography
Premises for Internet security
• Client-network-server are the 3 key components
• Client (browser or application) premises
  – Remote server is operated by the organization stated
  – Documents returned by server are free from viruses, etc.
  – Remote server will not distribute user's private info, such as Web use
• Network premises (for both client and server)
  – Network is free from 3rd-party eavesdroppers
  – Network delivers information intact, not tampered with by 3rd parties
• Server premises
  – User will not attempt to break into or alter contents of Web site
  – User will not try to gain access to documents that he/she is not allowed to see
  – User will not try to crash the server or deny service to others
  – If user has identified him/herself, user is who he/she claims to be

Client risks
• Active content: applets, scripts, ActiveX controls, plug-ins
  – Browsers download and run software without advance notice
  – User sometimes cannot virus-check before using (zero-day attack)
  – Formerly innocuous content such as Web pages can now carry viruses
  – Spyware, Trojan horses, etc. are prevalent (active content, cookies), formerly distributed mainly by email but now via Web pages
  – Solutions are less use of active content, virus checkers (new technology needed), intrusion detection, XML-based apps
• Privacy loss
  – Web server site logs: IP address, document retrieved, date/time, previous URL, and more
  – Cookies: have been abused by marketing to track user habits
  – Email: spam
  – Solutions are spam filters, intrusion/extrusion detection, trust standards, email verification (IP addresses)
• Server is being spoofed (phishing, other attacks)
  – Confidential information sent to an unauthorized party
  – Solution: education, IP improvements, certificates…

Server risks
• Webjacking
  – Break-in and modification of site
  – Thousands have occurred, including at most major corporations…
  – Database theft is the most serious risk
  – Attackers exploit operating system and email holes, poor configuration, poor passwords, …
  – Solutions are patch management, OS testing, good server management
• Denial of service
  – Attacks that cause the system to expend large resources in response
  – Distributed denial of service attacks
  – Solutions are distributed filters, identification of attacking servers, changes in Internet protocols...
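The network premise that information "is delivered intact, not tampered with by 3rd parties" is exactly what a message authentication code enforces. The following is an added example, not part of the lecture notes: a client attaches an HMAC-SHA256 tag under a key shared with the server (the key, the sample transfer message and the tamper_in_transit helper are all constructed for this illustration), and the receiver rejects a packet whose body was rewritten on the wire. It also shows why an unkeyed hash is not a substitute: the eavesdropper who can rewrite the message can recompute a plain SHA-256 digest just as easily.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

TAG_LEN = 32  # SHA-256 output length in bytes

# Constructed sample key, assumed to be shared out of band between client and
# server (in practice it would come from a key exchange such as the TLS handshake).
SHARED_KEY = secrets.token_bytes(32)


def protect(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Append an HMAC-SHA256 tag so the receiver can detect modification."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(packet: bytes, key: bytes = SHARED_KEY) -> Optional[bytes]:
    """Return the message if its tag checks out, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time; a plain == would leak, via timing,
    # how many leading tag bytes an attacker has guessed correctly.
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def unkeyed_protect(message: bytes) -> bytes:
    """The weak alternative: a plain hash with no secret."""
    return message + hashlib.sha256(message).digest()


def unkeyed_verify(packet: bytes) -> Optional[bytes]:
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return message if hashlib.sha256(message).digest() == tag else None


def tamper_in_transit(packet: bytes, old: bytes, new: bytes) -> bytes:
    """Constructed model of a 3rd party on the network rewriting the bytes."""
    return packet.replace(old, new)


def demo() -> Tuple[bool, bool]:
    """Return (keyed tampering detected, unkeyed tampering detected)."""
    original = b"transfer 100 to account 42"

    # Keyed: the attacker can change the body but cannot recompute the tag.
    packet = protect(original)
    assert verify(packet) == original
    tampered = tamper_in_transit(packet, b"100", b"999")
    keyed_detected = verify(tampered) is None

    # Unkeyed: the attacker simply rebuilds the digest over the new body.
    forged = unkeyed_protect(b"transfer 999 to account 42")
    unkeyed_detected = unkeyed_verify(forged) is None

    return keyed_detected, unkeyed_detected


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Note that an HMAC addresses only the integrity premise; the eavesdropping premise needs encryption on top, which is why in practice both are supplied together by the transport layer rather than bolted on separately.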
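The "certificates" solution listed for server spoofing only works if the client actually checks them. As an added example (not from the lecture), the two contexts below contrast a client configuration that accepts any certificate, and therefore any phishing server, with one that requires a certificate chaining to a trusted CA and matching the hostname. The function names are illustrative; the calls themselves are the Python standard library's ssl module.

```python
import socket
import ssl


def spoofable_context() -> ssl.SSLContext:
    """Weak: any certificate is accepted, so a spoofed server passes as genuine."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be disabled before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context() -> ssl.SSLContext:
    """Corrected: require a CA-signed certificate whose name matches the host."""
    ctx = ssl.create_default_context()  # loads system CA store, CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def rejects_spoofed_server(ctx: ssl.SSLContext) -> bool:
    """True if this context would refuse a server presenting an untrusted certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def connect(host: str, port: int = 443) -> ssl.SSLSocket:
    """Open a verified TLS connection; raises ssl.SSLCertVerificationError on a spoofed host."""
    ctx = verifying_context()
    raw = socket.create_connection((host, port))
    # server_hostname drives both SNI and the hostname check against the certificate.
    return ctx.wrap_socket(raw, server_hostname=host)
```

The weak context is the one silently produced when a developer "fixes" a certificate error by turning verification off; the check in rejects_spoofed_server is a cheap unit test to keep that from reaching production.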
This note was uploaded on 12/06/2011 for the course ESD 1.264j taught by Professor George Kocur during the Fall '06 term at MIT.